Configuring and applying an RA guard policy

About RA guard policy configuration

Configure an RA guard policy if you do not specify a role for the attached device or if you want to filter the RA messages sent by a router.

Procedure

  1. Enter system view.

    system-view

  2. Create an RA guard policy and enter its view.

    ipv6 nd raguard policy policy-name

  3. Configure the RA guard policy.

    Choose the following tasks as needed:

    • Specify an ACL match criterion.

      if-match acl { ipv6-acl-number | name ipv6-acl-name }

    • Specify a prefix match criterion.

      if-match prefix acl { ipv6-acl-number | name ipv6-acl-name }

    • Specify a router preference match criterion.

      if-match router-preference maximum { high | low | medium }

    • Specify an M flag match criterion.

      if-match autoconfig managed-address-flag { off | on }

    • Specify an O flag match criterion.

      if-match autoconfig other-flag { off | on }

    • Specify a maximum or minimum hop limit match criterion.

      if-match hop-limit { maximum | minimum } limit

    By default, the RA guard policy is not configured.

  4. Quit RA guard policy view.

    quit

  5. Enter VLAN view.

    vlan vlan-number

  6. Apply an RA guard policy to the VLAN.

    ipv6 nd raguard apply policy [ policy-name ]

    By default, no RA guard policy is applied to the VLAN.